Re: [Freeipa-users] Account Expiration

Wed, 06 Feb 2013 19:26:47 -0800 

James James wrote:

Can somebody gives me some help to set krbPrincipalExpiration from the
freeipa ui ?


You can't set this in the web UI.

You can do it from the command line using ldapmodify with:

$ ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20200508032114Z

^D

rob


Many thanks


2013/1/28 James James <[email protected] <mailto:[email protected]>>

    Hi Martin,
    thanks a lot for your answer. The krbPrincipalExpiration should do
    the job.

    Regards.


    2013/1/28 Martin Kosek <[email protected] <mailto:[email protected]>>

        On 01/28/2013 12:14 PM, James James wrote:
         > Hi, in 389-ds there is a nice plugin I love,  it's account
        policy. You can set
         > account expiration date and the account will be inactive at
        this day.
         >
         >
        
http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
         >
         > Is there a way to have this feature with freeipa ?
         >
         > Regards.
         >
         >
         > James
         >

        Hello James,

        FreeIPA user plugin does not support this feature, you would
        need to hack it in
        the plugin yourselves (patches welcome :-).

        Generally, you should be able to set account expiration to
        krbPrincipalExpiration attribute of the user account and it
        should just work.
        You can also check few tickets we have already few tickets filed
        for better
        handling of this attribute:

        https://fedorahosted.org/freeipa/ticket/3062
        [RFE] Allow admins to change expiration attribute for the accounts

        https://fedorahosted.org/freeipa/ticket/3305
        KrbPrincipalExpiration should be checked in pre-bind op

        https://fedorahosted.org/freeipa/ticket/3306
        [RFE] Expose the krbPrincipalExpiration attribute for editing in
        the IPA CLI /
        WEBUI


        Anyway, if you want a support for this particular plugin, you
        can file an RFE
        to Trac/Bugzilla  which we will further process.

        HTH,
        Martin





_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users



_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users






















					Reply via email to